1 /*
2 +----------------------------------------------------------------------+
3 | Copyright (c) The PHP Group |
4 +----------------------------------------------------------------------+
5 | This source file is subject to version 3.01 of the PHP license, |
6 | that is bundled with this package in the file LICENSE, and is |
7 | available through the world-wide-web at the following url: |
8 | https://www.php.net/license/3_01.txt |
9 | If you did not receive a copy of the PHP license and are unable to |
10 | obtain it through the world-wide-web, please send a note to |
11 | license@php.net so we can mail you a copy immediately. |
12 +----------------------------------------------------------------------+
13 | Authors: Brad Lafountain <rodif_bl@yahoo.com> |
14 | Shane Caraveo <shane@caraveo.com> |
15 | Dmitry Stogov <dmitry@php.net> |
16 +----------------------------------------------------------------------+
17 */
18
19 #include "php_soap.h"
20 #include "ext/standard/base64.h"
21 #include "ext/standard/md5.h"
22 #include "ext/standard/php_random.h"
23 #include "ext/hash/php_hash.h"
24
25 static char *get_http_header_value_nodup(char *headers, char *type, size_t *len);
26 static char *get_http_header_value(char *headers, char *type);
27 static zend_string *get_http_body(php_stream *socketd, int close, char *headers);
28 static zend_string *get_http_headers(php_stream *socketd);
29
30 #define smart_str_append_const(str, const) \
31 smart_str_appendl(str,const,sizeof(const)-1)
32
33 /* Proxy HTTP Authentication */
proxy_authentication(zval * this_ptr,smart_str * soap_headers)34 int proxy_authentication(zval* this_ptr, smart_str* soap_headers)
35 {
36 zval *login = Z_CLIENT_PROXY_LOGIN_P(this_ptr);
37 if (Z_TYPE_P(login) == IS_STRING) {
38 smart_str auth = {0};
39 smart_str_append(&auth, Z_STR_P(login));
40 smart_str_appendc(&auth, ':');
41
42 zval *password = Z_CLIENT_PROXY_PASSWORD_P(this_ptr);
43 if (Z_TYPE_P(password) == IS_STRING) {
44 smart_str_append(&auth, Z_STR_P(password));
45 }
46 smart_str_0(&auth);
47 zend_string *buf = php_base64_encode((unsigned char*)ZSTR_VAL(auth.s), ZSTR_LEN(auth.s));
48 smart_str_append_const(soap_headers, "Proxy-Authorization: Basic ");
49 smart_str_append(soap_headers, buf);
50 smart_str_append_const(soap_headers, "\r\n");
51 zend_string_release_ex(buf, 0);
52 smart_str_free(&auth);
53 return 1;
54 }
55 return 0;
56 }
57
58 /* HTTP Authentication */
basic_authentication(zval * this_ptr,smart_str * soap_headers)59 int basic_authentication(zval* this_ptr, smart_str* soap_headers)
60 {
61 zval *login = Z_CLIENT_LOGIN_P(this_ptr);
62 zval *use_digest = Z_CLIENT_USE_DIGEST_P(this_ptr);
63 if (Z_TYPE_P(login) == IS_STRING && Z_TYPE_P(use_digest) != IS_TRUE) {
64 smart_str auth = {0};
65 smart_str_append(&auth, Z_STR_P(login));
66 smart_str_appendc(&auth, ':');
67
68 zval *password = Z_CLIENT_PASSWORD_P(this_ptr);
69 if (Z_TYPE_P(password) == IS_STRING) {
70 smart_str_append(&auth, Z_STR_P(password));
71 }
72 smart_str_0(&auth);
73 zend_string *buf = php_base64_encode((unsigned char*)ZSTR_VAL(auth.s), ZSTR_LEN(auth.s));
74 smart_str_append_const(soap_headers, "Authorization: Basic ");
75 smart_str_append(soap_headers, buf);
76 smart_str_append_const(soap_headers, "\r\n");
77 zend_string_release_ex(buf, 0);
78 smart_str_free(&auth);
79 return 1;
80 }
81 return 0;
82 }
83
84 /* Additional HTTP headers */
http_context_headers(php_stream_context * context,bool has_authorization,bool has_proxy_authorization,bool has_cookies,smart_str * soap_headers)85 void http_context_headers(php_stream_context* context,
86 bool has_authorization,
87 bool has_proxy_authorization,
88 bool has_cookies,
89 smart_str* soap_headers)
90 {
91 zval *tmp;
92
93 if (context &&
94 (tmp = php_stream_context_get_option(context, "http", "header")) != NULL &&
95 Z_TYPE_P(tmp) == IS_STRING && Z_STRLEN_P(tmp)) {
96 char *s = Z_STRVAL_P(tmp);
97 char *p;
98 int name_len;
99
100 while (*s) {
101 /* skip leading newlines and spaces */
102 while (*s == ' ' || *s == '\t' || *s == '\r' || *s == '\n') {
103 s++;
104 }
105 /* extract header name */
106 p = s;
107 name_len = -1;
108 while (*p) {
109 if (*p == ':') {
110 if (name_len < 0) name_len = p - s;
111 break;
112 } else if (*p == ' ' || *p == '\t') {
113 if (name_len < 0) name_len = p - s;
114 } else if (*p == '\r' || *p == '\n') {
115 break;
116 }
117 p++;
118 }
119 if (*p == ':') {
120 /* extract header value */
121 while (*p && *p != '\r' && *p != '\n') {
122 p++;
123 }
124 /* skip some predefined headers */
125 if ((name_len != sizeof("host")-1 ||
126 strncasecmp(s, "host", sizeof("host")-1) != 0) &&
127 (name_len != sizeof("connection")-1 ||
128 strncasecmp(s, "connection", sizeof("connection")-1) != 0) &&
129 (name_len != sizeof("user-agent")-1 ||
130 strncasecmp(s, "user-agent", sizeof("user-agent")-1) != 0) &&
131 (name_len != sizeof("content-length")-1 ||
132 strncasecmp(s, "content-length", sizeof("content-length")-1) != 0) &&
133 (name_len != sizeof("content-type")-1 ||
134 strncasecmp(s, "content-type", sizeof("content-type")-1) != 0) &&
135 (!has_cookies ||
136 name_len != sizeof("cookie")-1 ||
137 strncasecmp(s, "cookie", sizeof("cookie")-1) != 0) &&
138 (!has_authorization ||
139 name_len != sizeof("authorization")-1 ||
140 strncasecmp(s, "authorization", sizeof("authorization")-1) != 0) &&
141 (!has_proxy_authorization ||
142 name_len != sizeof("proxy-authorization")-1 ||
143 strncasecmp(s, "proxy-authorization", sizeof("proxy-authorization")-1) != 0)) {
144 /* add header */
145 smart_str_appendl(soap_headers, s, p-s);
146 smart_str_append_const(soap_headers, "\r\n");
147 }
148 }
149 s = (*p) ? (p + 1) : p;
150 }
151 }
152 }
153
http_connect(zval * this_ptr,php_url * phpurl,int use_ssl,php_stream_context * context,int * use_proxy)154 static php_stream* http_connect(zval* this_ptr, php_url *phpurl, int use_ssl, php_stream_context *context, int *use_proxy)
155 {
156 php_stream *stream;
157 zval *tmp, ssl_proxy_peer_name;
158 char *host;
159 char *name;
160 char *protocol;
161 zend_long namelen;
162 int port;
163 int old_error_reporting;
164 struct timeval tv;
165 struct timeval *timeout = NULL;
166
167 zval *proxy_host = Z_CLIENT_PROXY_HOST_P(this_ptr);
168 zval *proxy_port = Z_CLIENT_PROXY_PORT_P(this_ptr);
169 if (Z_TYPE_P(proxy_host) == IS_STRING && Z_TYPE_P(proxy_port) == IS_LONG) {
170 host = Z_STRVAL_P(proxy_host);
171 port = Z_LVAL_P(proxy_port);
172 *use_proxy = 1;
173 } else {
174 host = ZSTR_VAL(phpurl->host);
175 port = phpurl->port;
176 }
177
178 tmp = Z_CLIENT_CONNECTION_TIMEOUT_P(this_ptr);
179 if (Z_TYPE_P(tmp) == IS_LONG && Z_LVAL_P(tmp) > 0) {
180 tv.tv_sec = Z_LVAL_P(tmp);
181 tv.tv_usec = 0;
182 timeout = &tv;
183 }
184
185 old_error_reporting = EG(error_reporting);
186 EG(error_reporting) &= ~(E_WARNING|E_NOTICE|E_USER_WARNING|E_USER_NOTICE);
187
188 /* Changed ternary operator to an if/else so that additional comparisons can be done on the ssl_method property */
189 if (use_ssl && !*use_proxy) {
190 tmp = Z_CLIENT_SSL_METHOD_P(this_ptr);
191 if (Z_TYPE_P(tmp) == IS_LONG) {
192 /* uses constants declared in soap.c to determine ssl uri protocol */
193 switch (Z_LVAL_P(tmp)) {
194 case SOAP_SSL_METHOD_TLS:
195 protocol = "tls";
196 break;
197
198 case SOAP_SSL_METHOD_SSLv2:
199 protocol = "sslv2";
200 break;
201
202 case SOAP_SSL_METHOD_SSLv3:
203 protocol = "sslv3";
204 break;
205
206 case SOAP_SSL_METHOD_SSLv23:
207 protocol = "ssl";
208 break;
209
210 default:
211 protocol = "ssl";
212 break;
213
214 }
215 } else {
216 protocol = "ssl";
217 }
218 } else {
219 protocol = "tcp";
220 }
221
222 namelen = spprintf(&name, 0, "%s://%s:%d", protocol, host, port);
223
224 stream = php_stream_xport_create(name, namelen,
225 REPORT_ERRORS,
226 STREAM_XPORT_CLIENT | STREAM_XPORT_CONNECT,
227 NULL /*persistent_id*/,
228 timeout,
229 context,
230 NULL, NULL);
231 efree(name);
232
233 /* SSL & proxy */
234 if (stream && *use_proxy && use_ssl) {
235 smart_str soap_headers = {0};
236
237 /* Set peer_name or name verification will try to use the proxy server name */
238 if (!context || (tmp = php_stream_context_get_option(context, "ssl", "peer_name")) == NULL) {
239 ZVAL_STR_COPY(&ssl_proxy_peer_name, phpurl->host);
240 php_stream_context_set_option(PHP_STREAM_CONTEXT(stream), "ssl", "peer_name", &ssl_proxy_peer_name);
241 zval_ptr_dtor(&ssl_proxy_peer_name);
242 }
243
244 smart_str_append_const(&soap_headers, "CONNECT ");
245 smart_str_appends(&soap_headers, ZSTR_VAL(phpurl->host));
246 smart_str_appendc(&soap_headers, ':');
247 smart_str_append_unsigned(&soap_headers, phpurl->port);
248 smart_str_append_const(&soap_headers, " HTTP/1.1\r\n");
249 smart_str_append_const(&soap_headers, "Host: ");
250 smart_str_appends(&soap_headers, ZSTR_VAL(phpurl->host));
251 if (phpurl->port != 80) {
252 smart_str_appendc(&soap_headers, ':');
253 smart_str_append_unsigned(&soap_headers, phpurl->port);
254 }
255 smart_str_append_const(&soap_headers, "\r\n");
256 proxy_authentication(this_ptr, &soap_headers);
257 smart_str_append_const(&soap_headers, "\r\n");
258 if (php_stream_write(stream, ZSTR_VAL(soap_headers.s), ZSTR_LEN(soap_headers.s)) != ZSTR_LEN(soap_headers.s)) {
259 php_stream_close(stream);
260 stream = NULL;
261 }
262 smart_str_free(&soap_headers);
263
264 if (stream) {
265 zend_string *http_headers = get_http_headers(stream);
266 if (http_headers) {
267 zend_string_free(http_headers);
268 } else {
269 php_stream_close(stream);
270 stream = NULL;
271 }
272 }
273 /* enable SSL transport layer */
274 if (stream) {
275 /* if a stream is created without encryption, check to see if SSL method parameter is specified and use
276 proper encrypyion method based on constants defined in soap.c */
277 int crypto_method = STREAM_CRYPTO_METHOD_SSLv23_CLIENT;
278 tmp = Z_CLIENT_SSL_METHOD_P(this_ptr);
279 if (Z_TYPE_P(tmp) == IS_LONG) {
280 switch (Z_LVAL_P(tmp)) {
281 case SOAP_SSL_METHOD_TLS:
282 crypto_method = STREAM_CRYPTO_METHOD_TLS_CLIENT;
283 break;
284
285 case SOAP_SSL_METHOD_SSLv2:
286 crypto_method = STREAM_CRYPTO_METHOD_SSLv2_CLIENT;
287 break;
288
289 case SOAP_SSL_METHOD_SSLv3:
290 crypto_method = STREAM_CRYPTO_METHOD_SSLv3_CLIENT;
291 break;
292
293 case SOAP_SSL_METHOD_SSLv23:
294 crypto_method = STREAM_CRYPTO_METHOD_SSLv23_CLIENT;
295 break;
296
297 default:
298 crypto_method = STREAM_CRYPTO_METHOD_TLS_CLIENT;
299 break;
300 }
301 }
302 if (php_stream_xport_crypto_setup(stream, crypto_method, NULL) < 0 ||
303 php_stream_xport_crypto_enable(stream, 1) < 0) {
304 php_stream_close(stream);
305 stream = NULL;
306 }
307 }
308 }
309
310 EG(error_reporting) = old_error_reporting;
311 return stream;
312 }
313
in_domain(const char * host,const char * domain)314 static int in_domain(const char *host, const char *domain)
315 {
316 if (domain[0] == '.') {
317 int l1 = strlen(host);
318 int l2 = strlen(domain);
319 if (l1 > l2) {
320 return strcmp(host+l1-l2,domain) == 0;
321 } else {
322 return 0;
323 }
324 } else {
325 return strcmp(host,domain) == 0;
326 }
327 }
328
make_http_soap_request(zval * this_ptr,zend_string * buf,char * location,char * soapaction,int soap_version,zval * return_value)329 int make_http_soap_request(zval *this_ptr,
330 zend_string *buf,
331 char *location,
332 char *soapaction,
333 int soap_version,
334 zval *return_value)
335 {
336 zend_string *request;
337 smart_str soap_headers = {0};
338 smart_str soap_headers_z = {0};
339 size_t err;
340 php_url *phpurl = NULL;
341 php_stream *stream;
342 zval *tmp;
343 int use_proxy = 0;
344 int use_ssl;
345 zend_string *http_body;
346 char *content_type, *http_version, *cookie_itt;
347 size_t cookie_len;
348 int http_close;
349 zend_string *http_headers;
350 char *connection;
351 int http_1_1;
352 int http_status;
353 int content_type_xml = 0;
354 zend_long redirect_max = 20;
355 char *content_encoding;
356 char *http_msg = NULL;
357 bool old_allow_url_fopen;
358 php_stream_context *context = NULL;
359 bool has_authorization = 0;
360 bool has_proxy_authorization = 0;
361 bool has_cookies = 0;
362
363 if (this_ptr == NULL || Z_TYPE_P(this_ptr) != IS_OBJECT) {
364 return FALSE;
365 }
366
367 request = buf;
368 /* Compress request */
369 tmp = Z_CLIENT_COMPRESSION_P(this_ptr);
370 if (Z_TYPE_P(tmp) == IS_LONG) {
371 int level = Z_LVAL_P(tmp) & 0x0f;
372 int kind = Z_LVAL_P(tmp) & SOAP_COMPRESSION_DEFLATE;
373
374 if (level > 9) {level = 9;}
375
376 if ((Z_LVAL_P(tmp) & SOAP_COMPRESSION_ACCEPT) != 0) {
377 smart_str_append_const(&soap_headers_z,"Accept-Encoding: gzip, deflate\r\n");
378 }
379 if (level > 0) {
380 zval func;
381 zval retval;
382 zval params[3];
383 int n;
384
385 ZVAL_STR_COPY(¶ms[0], buf);
386 ZVAL_LONG(¶ms[1], level);
387 if (kind == SOAP_COMPRESSION_DEFLATE) {
388 n = 2;
389 ZVAL_STRING(&func, "gzcompress");
390 smart_str_append_const(&soap_headers_z,"Content-Encoding: deflate\r\n");
391 } else {
392 n = 3;
393 ZVAL_STRING(&func, "gzencode");
394 smart_str_append_const(&soap_headers_z,"Content-Encoding: gzip\r\n");
395 ZVAL_LONG(¶ms[2], 0x1f);
396 }
397 if (call_user_function(CG(function_table), (zval*)NULL, &func, &retval, n, params) == SUCCESS &&
398 Z_TYPE(retval) == IS_STRING) {
399 zval_ptr_dtor(¶ms[0]);
400 zval_ptr_dtor(&func);
401 request = Z_STR(retval);
402 } else {
403 zval_ptr_dtor(¶ms[0]);
404 zval_ptr_dtor(&func);
405 if (request != buf) {
406 zend_string_release_ex(request, 0);
407 }
408 smart_str_free(&soap_headers_z);
409 return FALSE;
410 }
411 }
412 }
413
414 tmp = Z_CLIENT_HTTPSOCKET_P(this_ptr);
415 if (Z_TYPE_P(tmp) == IS_RESOURCE) {
416 php_stream_from_zval_no_verify(stream,tmp);
417 tmp = Z_CLIENT_USE_PROXY_P(this_ptr);
418 if (Z_TYPE_P(tmp) == IS_LONG) {
419 use_proxy = Z_LVAL_P(tmp);
420 }
421 } else {
422 stream = NULL;
423 }
424
425 if (location != NULL && location[0] != '\000') {
426 phpurl = php_url_parse(location);
427 }
428
429 tmp = Z_CLIENT_STREAM_CONTEXT_P(this_ptr);
430 if (Z_TYPE_P(tmp) == IS_RESOURCE) {
431 context = php_stream_context_from_zval(tmp, 0);
432 }
433
434 if (context &&
435 (tmp = php_stream_context_get_option(context, "http", "max_redirects")) != NULL) {
436 if (Z_TYPE_P(tmp) != IS_STRING || !is_numeric_string(Z_STRVAL_P(tmp), Z_STRLEN_P(tmp), &redirect_max, NULL, 1)) {
437 if (Z_TYPE_P(tmp) == IS_LONG)
438 redirect_max = Z_LVAL_P(tmp);
439 }
440 }
441
442 try_again:
443 if (phpurl == NULL || phpurl->host == NULL) {
444 if (phpurl != NULL) {php_url_free(phpurl);}
445 if (request != buf) {
446 zend_string_release_ex(request, 0);
447 }
448 add_soap_fault(this_ptr, "HTTP", "Unable to parse URL", NULL, NULL);
449 smart_str_free(&soap_headers_z);
450 return FALSE;
451 }
452
453 use_ssl = 0;
454 if (phpurl->scheme != NULL && zend_string_equals_literal(phpurl->scheme, "https")) {
455 use_ssl = 1;
456 } else if (phpurl->scheme == NULL || !zend_string_equals_literal(phpurl->scheme, "http")) {
457 php_url_free(phpurl);
458 if (request != buf) {
459 zend_string_release_ex(request, 0);
460 }
461 add_soap_fault(this_ptr, "HTTP", "Unknown protocol. Only http and https are allowed.", NULL, NULL);
462 smart_str_free(&soap_headers_z);
463 return FALSE;
464 }
465
466 old_allow_url_fopen = PG(allow_url_fopen);
467 PG(allow_url_fopen) = 1;
468 if (use_ssl && php_stream_locate_url_wrapper("https://", NULL, STREAM_LOCATE_WRAPPERS_ONLY) == NULL) {
469 php_url_free(phpurl);
470 if (request != buf) {
471 zend_string_release_ex(request, 0);
472 }
473 add_soap_fault(this_ptr, "HTTP", "SSL support is not available in this build", NULL, NULL);
474 PG(allow_url_fopen) = old_allow_url_fopen;
475 smart_str_free(&soap_headers_z);
476 return FALSE;
477 }
478
479 if (phpurl->port == 0) {
480 phpurl->port = use_ssl ? 443 : 80;
481 }
482
483 /* Check if request to the same host */
484 if (stream != NULL) {
485 php_url *orig;
486 tmp = Z_CLIENT_HTTPURL_P(this_ptr);
487 if (Z_TYPE_P(tmp) == IS_RESOURCE &&
488 (orig = (php_url *) zend_fetch_resource_ex(tmp, "httpurl", le_url)) != NULL &&
489 ((use_proxy && !use_ssl) ||
490 (((use_ssl && orig->scheme != NULL && zend_string_equals_literal(orig->scheme, "https")) ||
491 (!use_ssl && orig->scheme == NULL) ||
492 (!use_ssl && !zend_string_equals_literal(orig->scheme, "https"))) &&
493 zend_string_equals(orig->host, phpurl->host) &&
494 orig->port == phpurl->port))) {
495 } else {
496 php_stream_close(stream);
497 convert_to_null(Z_CLIENT_HTTPURL_P(this_ptr));
498 convert_to_null(Z_CLIENT_HTTPSOCKET_P(this_ptr));
499 convert_to_null(Z_CLIENT_USE_PROXY_P(this_ptr));
500 stream = NULL;
501 use_proxy = 0;
502 }
503 }
504
505 /* Check if keep-alive connection is still opened */
506 if (stream != NULL && php_stream_eof(stream)) {
507 php_stream_close(stream);
508 convert_to_null(Z_CLIENT_HTTPURL_P(this_ptr));
509 convert_to_null(Z_CLIENT_HTTPSOCKET_P(this_ptr));
510 convert_to_null(Z_CLIENT_USE_PROXY_P(this_ptr));
511 stream = NULL;
512 use_proxy = 0;
513 }
514
515 if (!stream) {
516 stream = http_connect(this_ptr, phpurl, use_ssl, context, &use_proxy);
517 if (stream) {
518 php_stream_auto_cleanup(stream);
519 ZVAL_RES(Z_CLIENT_HTTPSOCKET_P(this_ptr), stream->res);
520 GC_ADDREF(stream->res);
521 ZVAL_LONG(Z_CLIENT_USE_PROXY_P(this_ptr), use_proxy);
522 } else {
523 php_url_free(phpurl);
524 if (request != buf) {
525 zend_string_release_ex(request, 0);
526 }
527 add_soap_fault(this_ptr, "HTTP", "Could not connect to host", NULL, NULL);
528 PG(allow_url_fopen) = old_allow_url_fopen;
529 smart_str_free(&soap_headers_z);
530 return FALSE;
531 }
532 }
533 PG(allow_url_fopen) = old_allow_url_fopen;
534
535 if (stream) {
536 zval *cookies, *login, *password;
537 zend_resource *ret = zend_register_resource(phpurl, le_url);
538 ZVAL_RES(Z_CLIENT_HTTPURL_P(this_ptr), ret);
539 GC_ADDREF(ret);
540
541 if (context &&
542 (tmp = php_stream_context_get_option(context, "http", "protocol_version")) != NULL &&
543 Z_TYPE_P(tmp) == IS_DOUBLE &&
544 Z_DVAL_P(tmp) == 1.0) {
545 http_1_1 = 0;
546 } else {
547 http_1_1 = 1;
548 }
549
550 smart_str_append_const(&soap_headers, "POST ");
551 if (use_proxy && !use_ssl) {
552 smart_str_appends(&soap_headers, ZSTR_VAL(phpurl->scheme));
553 smart_str_append_const(&soap_headers, "://");
554 smart_str_appends(&soap_headers, ZSTR_VAL(phpurl->host));
555 smart_str_appendc(&soap_headers, ':');
556 smart_str_append_unsigned(&soap_headers, phpurl->port);
557 }
558 if (phpurl->path) {
559 smart_str_appends(&soap_headers, ZSTR_VAL(phpurl->path));
560 } else {
561 smart_str_appendc(&soap_headers, '/');
562 }
563 if (phpurl->query) {
564 smart_str_appendc(&soap_headers, '?');
565 smart_str_appends(&soap_headers, ZSTR_VAL(phpurl->query));
566 }
567 if (phpurl->fragment) {
568 smart_str_appendc(&soap_headers, '#');
569 smart_str_appends(&soap_headers, ZSTR_VAL(phpurl->fragment));
570 }
571 if (http_1_1) {
572 smart_str_append_const(&soap_headers, " HTTP/1.1\r\n");
573 } else {
574 smart_str_append_const(&soap_headers, " HTTP/1.0\r\n");
575 }
576 smart_str_append_const(&soap_headers, "Host: ");
577 smart_str_appends(&soap_headers, ZSTR_VAL(phpurl->host));
578 if (phpurl->port != (use_ssl?443:80)) {
579 smart_str_appendc(&soap_headers, ':');
580 smart_str_append_unsigned(&soap_headers, phpurl->port);
581 }
582 if (!http_1_1 || Z_TYPE_P(Z_CLIENT_KEEP_ALIVE_P(this_ptr)) == IS_FALSE) {
583 smart_str_append_const(&soap_headers, "\r\n"
584 "Connection: close\r\n");
585 } else {
586 smart_str_append_const(&soap_headers, "\r\n"
587 "Connection: Keep-Alive\r\n");
588 }
589 tmp = Z_CLIENT_USER_AGENT_P(this_ptr);
590 if (Z_TYPE_P(tmp) == IS_STRING) {
591 if (Z_STRLEN_P(tmp) > 0) {
592 smart_str_append_const(&soap_headers, "User-Agent: ");
593 smart_str_appendl(&soap_headers, Z_STRVAL_P(tmp), Z_STRLEN_P(tmp));
594 smart_str_append_const(&soap_headers, "\r\n");
595 }
596 } else if (context &&
597 (tmp = php_stream_context_get_option(context, "http", "user_agent")) != NULL &&
598 Z_TYPE_P(tmp) == IS_STRING) {
599 if (Z_STRLEN_P(tmp) > 0) {
600 smart_str_append_const(&soap_headers, "User-Agent: ");
601 smart_str_appendl(&soap_headers, Z_STRVAL_P(tmp), Z_STRLEN_P(tmp));
602 smart_str_append_const(&soap_headers, "\r\n");
603 }
604 } else if (FG(user_agent)) {
605 smart_str_append_const(&soap_headers, "User-Agent: ");
606 smart_str_appends(&soap_headers, FG(user_agent));
607 smart_str_append_const(&soap_headers, "\r\n");
608 } else {
609 smart_str_append_const(&soap_headers, "User-Agent: PHP-SOAP/"PHP_VERSION"\r\n");
610 }
611
612 smart_str_append_smart_str(&soap_headers, &soap_headers_z);
613
614 if (soap_version == SOAP_1_2) {
615 if (context &&
616 (tmp = php_stream_context_get_option(context, "http", "content_type")) != NULL &&
617 Z_TYPE_P(tmp) == IS_STRING &&
618 Z_STRLEN_P(tmp) > 0
619 ) {
620 smart_str_append_const(&soap_headers, "Content-Type: ");
621 smart_str_appendl(&soap_headers, Z_STRVAL_P(tmp), Z_STRLEN_P(tmp));
622 } else {
623 smart_str_append_const(&soap_headers, "Content-Type: application/soap+xml; charset=utf-8");
624 }
625 if (soapaction) {
626 smart_str_append_const(&soap_headers,"; action=\"");
627 smart_str_appends(&soap_headers, soapaction);
628 smart_str_append_const(&soap_headers,"\"");
629 }
630 smart_str_append_const(&soap_headers,"\r\n");
631 } else {
632 if (context &&
633 (tmp = php_stream_context_get_option(context, "http", "content_type")) != NULL &&
634 Z_TYPE_P(tmp) == IS_STRING &&
635 Z_STRLEN_P(tmp) > 0
636 ) {
637 smart_str_append_const(&soap_headers, "Content-Type: ");
638 smart_str_appendl(&soap_headers, Z_STRVAL_P(tmp), Z_STRLEN_P(tmp));
639 smart_str_append_const(&soap_headers, "\r\n");
640 } else {
641 smart_str_append_const(&soap_headers, "Content-Type: text/xml; charset=utf-8\r\n");
642 }
643 if (soapaction) {
644 smart_str_append_const(&soap_headers, "SOAPAction: \"");
645 smart_str_appends(&soap_headers, soapaction);
646 smart_str_append_const(&soap_headers, "\"\r\n");
647 }
648 }
649 smart_str_append_const(&soap_headers,"Content-Length: ");
650 smart_str_append_long(&soap_headers, request->len);
651 smart_str_append_const(&soap_headers, "\r\n");
652
653 /* HTTP Authentication */
654 login = Z_CLIENT_LOGIN_P(this_ptr);
655 if (Z_TYPE_P(login) == IS_STRING) {
656 zval *digest = Z_CLIENT_DIGEST_P(this_ptr);
657
658 has_authorization = 1;
659 if (Z_TYPE_P(digest) == IS_ARRAY) {
660 char HA1[33], HA2[33], response[33], cnonce[33], nc[9];
661 unsigned char nonce[16];
662 PHP_MD5_CTX md5ctx;
663 unsigned char hash[16];
664
665 if (UNEXPECTED(php_random_bytes_throw(&nonce, sizeof(nonce)) != SUCCESS)) {
666 ZEND_ASSERT(EG(exception));
667 php_stream_close(stream);
668 convert_to_null(Z_CLIENT_HTTPURL_P(this_ptr));
669 convert_to_null(Z_CLIENT_HTTPSOCKET_P(this_ptr));
670 convert_to_null(Z_CLIENT_USE_PROXY_P(this_ptr));
671 smart_str_free(&soap_headers_z);
672 smart_str_free(&soap_headers);
673 return FALSE;
674 }
675
676 php_hash_bin2hex(cnonce, nonce, sizeof(nonce));
677 cnonce[32] = 0;
678
679 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(digest), "nc", sizeof("nc")-1)) != NULL &&
680 Z_TYPE_P(tmp) == IS_LONG) {
681 Z_LVAL_P(tmp)++;
682 snprintf(nc, sizeof(nc), "%08" ZEND_LONG_FMT_SPEC, Z_LVAL_P(tmp));
683 } else {
684 add_assoc_long(digest, "nc", 1);
685 strcpy(nc, "00000001");
686 }
687
688 PHP_MD5Init(&md5ctx);
689 PHP_MD5Update(&md5ctx, (unsigned char*)Z_STRVAL_P(login), Z_STRLEN_P(login));
690 PHP_MD5Update(&md5ctx, (unsigned char*)":", 1);
691 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(digest), "realm", sizeof("realm")-1)) != NULL &&
692 Z_TYPE_P(tmp) == IS_STRING) {
693 PHP_MD5Update(&md5ctx, (unsigned char*)Z_STRVAL_P(tmp), Z_STRLEN_P(tmp));
694 }
695 PHP_MD5Update(&md5ctx, (unsigned char*)":", 1);
696 password = Z_CLIENT_PASSWORD_P(this_ptr);
697 if (Z_TYPE_P(password) == IS_STRING) {
698 PHP_MD5Update(&md5ctx, (unsigned char*)Z_STRVAL_P(password), Z_STRLEN_P(password));
699 }
700 PHP_MD5Final(hash, &md5ctx);
701 make_digest(HA1, hash);
702 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(digest), "algorithm", sizeof("algorithm")-1)) != NULL &&
703 Z_TYPE_P(tmp) == IS_STRING &&
704 Z_STRLEN_P(tmp) == sizeof("md5-sess")-1 &&
705 stricmp(Z_STRVAL_P(tmp), "md5-sess") == 0) {
706 PHP_MD5Init(&md5ctx);
707 PHP_MD5Update(&md5ctx, (unsigned char*)HA1, 32);
708 PHP_MD5Update(&md5ctx, (unsigned char*)":", 1);
709 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(digest), "nonce", sizeof("nonce")-1)) != NULL &&
710 Z_TYPE_P(tmp) == IS_STRING) {
711 PHP_MD5Update(&md5ctx, (unsigned char*)Z_STRVAL_P(tmp), Z_STRLEN_P(tmp));
712 }
713 PHP_MD5Update(&md5ctx, (unsigned char*)":", 1);
714 PHP_MD5Update(&md5ctx, (unsigned char*)cnonce, 8);
715 PHP_MD5Final(hash, &md5ctx);
716 make_digest(HA1, hash);
717 }
718
719 PHP_MD5Init(&md5ctx);
720 PHP_MD5Update(&md5ctx, (unsigned char*)"POST:", sizeof("POST:")-1);
721 if (phpurl->path) {
722 PHP_MD5Update(&md5ctx, (unsigned char*)ZSTR_VAL(phpurl->path), ZSTR_LEN(phpurl->path));
723 } else {
724 PHP_MD5Update(&md5ctx, (unsigned char*)"/", 1);
725 }
726 if (phpurl->query) {
727 PHP_MD5Update(&md5ctx, (unsigned char*)"?", 1);
728 PHP_MD5Update(&md5ctx, (unsigned char*)ZSTR_VAL(phpurl->query), ZSTR_LEN(phpurl->query));
729 }
730
731 PHP_MD5Final(hash, &md5ctx);
732 make_digest(HA2, hash);
733
734 PHP_MD5Init(&md5ctx);
735 PHP_MD5Update(&md5ctx, (unsigned char*)HA1, 32);
736 PHP_MD5Update(&md5ctx, (unsigned char*)":", 1);
737 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(digest), "nonce", sizeof("nonce")-1)) != NULL &&
738 Z_TYPE_P(tmp) == IS_STRING) {
739 PHP_MD5Update(&md5ctx, (unsigned char*)Z_STRVAL_P(tmp), Z_STRLEN_P(tmp));
740 }
741 PHP_MD5Update(&md5ctx, (unsigned char*)":", 1);
742 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(digest), "qop", sizeof("qop")-1)) != NULL &&
743 Z_TYPE_P(tmp) == IS_STRING) {
744 PHP_MD5Update(&md5ctx, (unsigned char*)nc, 8);
745 PHP_MD5Update(&md5ctx, (unsigned char*)":", 1);
746 PHP_MD5Update(&md5ctx, (unsigned char*)cnonce, 8);
747 PHP_MD5Update(&md5ctx, (unsigned char*)":", 1);
748 /* TODO: Support for qop="auth-int" */
749 PHP_MD5Update(&md5ctx, (unsigned char*)"auth", sizeof("auth")-1);
750 PHP_MD5Update(&md5ctx, (unsigned char*)":", 1);
751 }
752 PHP_MD5Update(&md5ctx, (unsigned char*)HA2, 32);
753 PHP_MD5Final(hash, &md5ctx);
754 make_digest(response, hash);
755
756 smart_str_append_const(&soap_headers, "Authorization: Digest username=\"");
757 smart_str_appendl(&soap_headers, Z_STRVAL_P(login), Z_STRLEN_P(login));
758 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(digest), "realm", sizeof("realm")-1)) != NULL &&
759 Z_TYPE_P(tmp) == IS_STRING) {
760 smart_str_append_const(&soap_headers, "\", realm=\"");
761 smart_str_appendl(&soap_headers, Z_STRVAL_P(tmp), Z_STRLEN_P(tmp));
762 }
763 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(digest), "nonce", sizeof("nonce")-1)) != NULL &&
764 Z_TYPE_P(tmp) == IS_STRING) {
765 smart_str_append_const(&soap_headers, "\", nonce=\"");
766 smart_str_appendl(&soap_headers, Z_STRVAL_P(tmp), Z_STRLEN_P(tmp));
767 }
768 smart_str_append_const(&soap_headers, "\", uri=\"");
769 if (phpurl->path) {
770 smart_str_appends(&soap_headers, ZSTR_VAL(phpurl->path));
771 } else {
772 smart_str_appendc(&soap_headers, '/');
773 }
774 if (phpurl->query) {
775 smart_str_appendc(&soap_headers, '?');
776 smart_str_appends(&soap_headers, ZSTR_VAL(phpurl->query));
777 }
778 if (phpurl->fragment) {
779 smart_str_appendc(&soap_headers, '#');
780 smart_str_appends(&soap_headers, ZSTR_VAL(phpurl->fragment));
781 }
782 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(digest), "qop", sizeof("qop")-1)) != NULL &&
783 Z_TYPE_P(tmp) == IS_STRING) {
784 /* TODO: Support for qop="auth-int" */
785 smart_str_append_const(&soap_headers, "\", qop=\"auth");
786 smart_str_append_const(&soap_headers, "\", nc=\"");
787 smart_str_appendl(&soap_headers, nc, 8);
788 smart_str_append_const(&soap_headers, "\", cnonce=\"");
789 smart_str_appendl(&soap_headers, cnonce, 8);
790 }
791 smart_str_append_const(&soap_headers, "\", response=\"");
792 smart_str_appendl(&soap_headers, response, 32);
793 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(digest), "opaque", sizeof("opaque")-1)) != NULL &&
794 Z_TYPE_P(tmp) == IS_STRING) {
795 smart_str_append_const(&soap_headers, "\", opaque=\"");
796 smart_str_appendl(&soap_headers, Z_STRVAL_P(tmp), Z_STRLEN_P(tmp));
797 }
798 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(digest), "algorithm", sizeof("algorithm")-1)) != NULL &&
799 Z_TYPE_P(tmp) == IS_STRING) {
800 smart_str_append_const(&soap_headers, "\", algorithm=\"");
801 smart_str_appendl(&soap_headers, Z_STRVAL_P(tmp), Z_STRLEN_P(tmp));
802 }
803 smart_str_append_const(&soap_headers, "\"\r\n");
804 } else {
805 zend_string *buf;
806
807 smart_str auth = {0};
808 smart_str_append(&auth, Z_STR_P(login));
809 smart_str_appendc(&auth, ':');
810 password = Z_CLIENT_PASSWORD_P(this_ptr);
811 if (Z_TYPE_P(password) == IS_STRING) {
812 smart_str_append(&auth, Z_STR_P(password));
813 }
814 smart_str_0(&auth);
815 buf = php_base64_encode((unsigned char*)ZSTR_VAL(auth.s), ZSTR_LEN(auth.s));
816 smart_str_append_const(&soap_headers, "Authorization: Basic ");
817 smart_str_append(&soap_headers, buf);
818 smart_str_append_const(&soap_headers, "\r\n");
819 zend_string_release_ex(buf, 0);
820 smart_str_free(&auth);
821 }
822 }
823
824 /* Proxy HTTP Authentication */
825 if (use_proxy && !use_ssl) {
826 has_proxy_authorization = proxy_authentication(this_ptr, &soap_headers);
827 }
828
829 /* Send cookies along with request */
830 cookies = Z_CLIENT_COOKIES_P(this_ptr);
831 ZEND_ASSERT(Z_TYPE_P(cookies) == IS_ARRAY);
832 if (zend_hash_num_elements(Z_ARRVAL_P(cookies)) != 0) {
833 zval *data;
834 zend_string *key;
835 has_cookies = 1;
836 smart_str_append_const(&soap_headers, "Cookie: ");
837 ZEND_HASH_FOREACH_STR_KEY_VAL(Z_ARRVAL_P(cookies), key, data) {
838 if (key && Z_TYPE_P(data) == IS_ARRAY) {
839 zval *value;
840
841 if ((value = zend_hash_index_find(Z_ARRVAL_P(data), 0)) != NULL &&
842 Z_TYPE_P(value) == IS_STRING) {
843 zval *tmp;
844 if (((tmp = zend_hash_index_find(Z_ARRVAL_P(data), 1)) == NULL ||
845 Z_TYPE_P(tmp) != IS_STRING ||
846 strncmp(phpurl->path?ZSTR_VAL(phpurl->path):"/",Z_STRVAL_P(tmp),Z_STRLEN_P(tmp)) == 0) &&
847 ((tmp = zend_hash_index_find(Z_ARRVAL_P(data), 2)) == NULL ||
848 Z_TYPE_P(tmp) != IS_STRING ||
849 in_domain(ZSTR_VAL(phpurl->host),Z_STRVAL_P(tmp))) &&
850 (use_ssl || (tmp = zend_hash_index_find(Z_ARRVAL_P(data), 3)) == NULL)) {
851 smart_str_append(&soap_headers, key);
852 smart_str_appendc(&soap_headers, '=');
853 smart_str_append(&soap_headers, Z_STR_P(value));
854 smart_str_appendc(&soap_headers, ';');
855 }
856 }
857 }
858 } ZEND_HASH_FOREACH_END();
859 smart_str_append_const(&soap_headers, "\r\n");
860 }
861
862 http_context_headers(context, has_authorization, has_proxy_authorization, has_cookies, &soap_headers);
863
864 smart_str_append_const(&soap_headers, "\r\n");
865 smart_str_0(&soap_headers);
866 if (Z_TYPE_P(Z_CLIENT_TRACE_P(this_ptr)) == IS_TRUE) {
867 zval_ptr_dtor(Z_CLIENT_LAST_REQUEST_HEADERS_P(this_ptr));
868 /* Need to copy the string here, as we continue appending to soap_headers below. */
869 ZVAL_STRINGL(Z_CLIENT_LAST_REQUEST_HEADERS_P(this_ptr),
870 ZSTR_VAL(soap_headers.s), ZSTR_LEN(soap_headers.s));
871 }
872 smart_str_appendl(&soap_headers, request->val, request->len);
873 smart_str_0(&soap_headers);
874
875 err = php_stream_write(stream, ZSTR_VAL(soap_headers.s), ZSTR_LEN(soap_headers.s));
876 if (err != ZSTR_LEN(soap_headers.s)) {
877 if (request != buf) {
878 zend_string_release_ex(request, 0);
879 }
880 php_stream_close(stream);
881 convert_to_null(Z_CLIENT_HTTPURL_P(this_ptr));
882 convert_to_null(Z_CLIENT_HTTPSOCKET_P(this_ptr));
883 convert_to_null(Z_CLIENT_USE_PROXY_P(this_ptr));
884 add_soap_fault(this_ptr, "HTTP", "Failed Sending HTTP SOAP request", NULL, NULL);
885 smart_str_free(&soap_headers_z);
886 return FALSE;
887 }
888 smart_str_free(&soap_headers);
889 } else {
890 add_soap_fault(this_ptr, "HTTP", "Failed to create stream??", NULL, NULL);
891 smart_str_free(&soap_headers_z);
892 return FALSE;
893 }
894
895 if (!return_value) {
896 php_stream_close(stream);
897 convert_to_null(Z_CLIENT_HTTPSOCKET_P(this_ptr));
898 convert_to_null(Z_CLIENT_USE_PROXY_P(this_ptr));
899 smart_str_free(&soap_headers_z);
900 return TRUE;
901 }
902
903 do {
904 http_headers = get_http_headers(stream);
905 if (!http_headers) {
906 if (request != buf) {
907 zend_string_release_ex(request, 0);
908 }
909 php_stream_close(stream);
910 convert_to_null(Z_CLIENT_HTTPSOCKET_P(this_ptr));
911 convert_to_null(Z_CLIENT_USE_PROXY_P(this_ptr));
912 add_soap_fault(this_ptr, "HTTP", "Error Fetching http headers", NULL, NULL);
913 smart_str_free(&soap_headers_z);
914 return FALSE;
915 }
916
917 if (Z_TYPE_P(Z_CLIENT_TRACE_P(this_ptr)) == IS_TRUE) {
918 zval_ptr_dtor(Z_CLIENT_LAST_RESPONSE_HEADERS_P(this_ptr));
919 ZVAL_STR_COPY(Z_CLIENT_LAST_RESPONSE_HEADERS_P(this_ptr), http_headers);
920 }
921
922 /* Check to see what HTTP status was sent */
923 http_1_1 = 0;
924 http_status = 0;
925 http_version = get_http_header_value(ZSTR_VAL(http_headers), "HTTP/");
926 if (http_version) {
927 char *tmp;
928
929 if (!strncmp(http_version,"1.1", 3)) {
930 http_1_1 = 1;
931 }
932
933 tmp = strstr(http_version," ");
934 if (tmp != NULL) {
935 tmp++;
936 http_status = atoi(tmp);
937 }
938 tmp = strstr(tmp," ");
939 if (tmp != NULL) {
940 tmp++;
941 if (http_msg) {
942 efree(http_msg);
943 }
944 http_msg = estrdup(tmp);
945 }
946 efree(http_version);
947
948 /* Try and get headers again */
949 if (http_status == 100) {
950 zend_string_release_ex(http_headers, 0);
951 }
952 }
953 } while (http_status == 100);
954
955 /* Grab and send back every cookie */
956
957 /* Not going to worry about Path: because
958 we shouldn't be changing urls so path doesn't
959 matter too much
960 */
961 cookie_itt = ZSTR_VAL(http_headers);
962
963 while ((cookie_itt = get_http_header_value_nodup(cookie_itt, "Set-Cookie: ", &cookie_len))) {
964 zval *cookies = Z_CLIENT_COOKIES_P(this_ptr);
965 SEPARATE_ARRAY(cookies);
966
967 char *cookie = estrndup(cookie_itt, cookie_len);
968 char *eqpos = strstr(cookie, "=");
969 char *sempos = strstr(cookie, ";");
970 if (eqpos != NULL && (sempos == NULL || sempos > eqpos)) {
971 smart_str name = {0};
972 int cookie_len;
973 zval zcookie;
974
975 if (sempos != NULL) {
976 cookie_len = sempos-(eqpos+1);
977 } else {
978 cookie_len = strlen(cookie)-(eqpos-cookie)-1;
979 }
980
981 smart_str_appendl(&name, cookie, eqpos - cookie);
982 smart_str_0(&name);
983
984 array_init(&zcookie);
985 add_index_stringl(&zcookie, 0, eqpos + 1, cookie_len);
986
987 if (sempos != NULL) {
988 char *options = cookie + cookie_len+1;
989 while (*options) {
990 while (*options == ' ') {options++;}
991 sempos = strstr(options, ";");
992 if (strstr(options,"path=") == options) {
993 eqpos = options + sizeof("path=")-1;
994 add_index_stringl(&zcookie, 1, eqpos, sempos?(size_t)(sempos-eqpos):strlen(eqpos));
995 } else if (strstr(options,"domain=") == options) {
996 eqpos = options + sizeof("domain=")-1;
997 add_index_stringl(&zcookie, 2, eqpos, sempos?(size_t)(sempos-eqpos):strlen(eqpos));
998 } else if (strstr(options,"secure") == options) {
999 add_index_bool(&zcookie, 3, 1);
1000 }
1001 if (sempos != NULL) {
1002 options = sempos+1;
1003 } else {
1004 break;
1005 }
1006 }
1007 }
1008 if (!zend_hash_index_exists(Z_ARRVAL(zcookie), 1)) {
1009 char *t = phpurl->path?ZSTR_VAL(phpurl->path):"/";
1010 char *c = strrchr(t, '/');
1011 if (c) {
1012 add_index_stringl(&zcookie, 1, t, c-t);
1013 }
1014 }
1015 if (!zend_hash_index_exists(Z_ARRVAL(zcookie), 2)) {
1016 add_index_str(&zcookie, 2, phpurl->host);
1017 GC_ADDREF(phpurl->host);
1018 }
1019
1020 zend_symtable_update(Z_ARRVAL_P(cookies), name.s, &zcookie);
1021 smart_str_free(&name);
1022 }
1023
1024 cookie_itt = cookie_itt + cookie_len;
1025 efree(cookie);
1026 }
1027
1028 /* See if the server requested a close */
1029 if (http_1_1) {
1030 http_close = FALSE;
1031 if (use_proxy && !use_ssl) {
1032 connection = get_http_header_value(ZSTR_VAL(http_headers), "Proxy-Connection: ");
1033 if (connection) {
1034 if (strncasecmp(connection, "close", sizeof("close")-1) == 0) {
1035 http_close = TRUE;
1036 }
1037 efree(connection);
1038 }
1039 }
1040 if (http_close == FALSE) {
1041 connection = get_http_header_value(ZSTR_VAL(http_headers), "Connection: ");
1042 if (connection) {
1043 if (strncasecmp(connection, "close", sizeof("close")-1) == 0) {
1044 http_close = TRUE;
1045 }
1046 efree(connection);
1047 }
1048 }
1049 } else {
1050 http_close = TRUE;
1051 if (use_proxy && !use_ssl) {
1052 connection = get_http_header_value(ZSTR_VAL(http_headers), "Proxy-Connection: ");
1053 if (connection) {
1054 if (strncasecmp(connection, "Keep-Alive", sizeof("Keep-Alive")-1) == 0) {
1055 http_close = FALSE;
1056 }
1057 efree(connection);
1058 }
1059 }
1060 if (http_close == TRUE) {
1061 connection = get_http_header_value(ZSTR_VAL(http_headers), "Connection: ");
1062 if (connection) {
1063 if (strncasecmp(connection, "Keep-Alive", sizeof("Keep-Alive")-1) == 0) {
1064 http_close = FALSE;
1065 }
1066 efree(connection);
1067 }
1068 }
1069 }
1070
1071
1072 http_body = get_http_body(stream, http_close, ZSTR_VAL(http_headers));
1073 if (!http_body) {
1074 if (request != buf) {
1075 zend_string_release_ex(request, 0);
1076 }
1077 php_stream_close(stream);
1078 zend_string_release_ex(http_headers, 0);
1079 convert_to_null(Z_CLIENT_HTTPSOCKET_P(this_ptr));
1080 convert_to_null(Z_CLIENT_USE_PROXY_P(this_ptr));
1081 add_soap_fault(this_ptr, "HTTP", "Error Fetching http body, No Content-Length, connection closed or chunked data", NULL, NULL);
1082 if (http_msg) {
1083 efree(http_msg);
1084 }
1085 smart_str_free(&soap_headers_z);
1086 return FALSE;
1087 }
1088
1089 if (request != buf) {
1090 zend_string_release_ex(request, 0);
1091 }
1092
1093 if (http_close) {
1094 php_stream_close(stream);
1095 convert_to_null(Z_CLIENT_HTTPSOCKET_P(this_ptr));
1096 convert_to_null(Z_CLIENT_USE_PROXY_P(this_ptr));
1097 stream = NULL;
1098 }
1099
1100 /* Process HTTP status codes */
1101 if (http_status >= 300 && http_status < 400) {
1102 char *loc;
1103
1104 if ((loc = get_http_header_value(ZSTR_VAL(http_headers), "Location: ")) != NULL) {
1105 php_url *new_url = php_url_parse(loc);
1106
1107 if (new_url != NULL) {
1108 zend_string_release_ex(http_headers, 0);
1109 zend_string_release_ex(http_body, 0);
1110 efree(loc);
1111 if (new_url->scheme == NULL && new_url->path != NULL) {
1112 new_url->scheme = phpurl->scheme ? zend_string_copy(phpurl->scheme) : NULL;
1113 new_url->host = phpurl->host ? zend_string_copy(phpurl->host) : NULL;
1114 new_url->port = phpurl->port;
1115 if (new_url->path && ZSTR_VAL(new_url->path)[0] != '/') {
1116 if (phpurl->path) {
1117 char *t = ZSTR_VAL(phpurl->path);
1118 char *p = strrchr(t, '/');
1119 if (p) {
1120 zend_string *s = zend_string_alloc((p - t) + ZSTR_LEN(new_url->path) + 2, 0);
1121 strncpy(ZSTR_VAL(s), t, (p - t) + 1);
1122 ZSTR_VAL(s)[(p - t) + 1] = 0;
1123 strcat(ZSTR_VAL(s), ZSTR_VAL(new_url->path));
1124 zend_string_release_ex(new_url->path, 0);
1125 new_url->path = s;
1126 }
1127 } else {
1128 zend_string *s = zend_string_alloc(ZSTR_LEN(new_url->path) + 2, 0);
1129 ZSTR_VAL(s)[0] = '/';
1130 ZSTR_VAL(s)[1] = 0;
1131 strcat(ZSTR_VAL(s), ZSTR_VAL(new_url->path));
1132 zend_string_release_ex(new_url->path, 0);
1133 new_url->path = s;
1134 }
1135 }
1136 }
1137 phpurl = new_url;
1138
1139 if (--redirect_max < 1) {
1140 add_soap_fault(this_ptr, "HTTP", "Redirection limit reached, aborting", NULL, NULL);
1141 smart_str_free(&soap_headers_z);
1142 return FALSE;
1143 }
1144
1145 goto try_again;
1146 }
1147 }
1148 } else if (http_status == 401) {
1149 /* Digest authentication */
1150 zval *digest = Z_CLIENT_DIGEST_P(this_ptr);
1151 zval *login = Z_CLIENT_LOGIN_P(this_ptr);
1152 zval *password = Z_CLIENT_PASSWORD_P(this_ptr);
1153 char *auth = get_http_header_value(ZSTR_VAL(http_headers), "WWW-Authenticate: ");
1154 if (auth && strstr(auth, "Digest") == auth && Z_TYPE_P(digest) != IS_ARRAY
1155 && Z_TYPE_P(login) == IS_STRING && Z_TYPE_P(password) == IS_STRING) {
1156 char *s;
1157 zval digest;
1158
1159 ZVAL_UNDEF(&digest);
1160 s = auth + sizeof("Digest")-1;
1161 while (*s != '\0') {
1162 char *name, *val;
1163 while (*s == ' ') ++s;
1164 name = s;
1165 while (*s != '\0' && *s != '=') ++s;
1166 if (*s == '=') {
1167 *s = '\0';
1168 ++s;
1169 if (*s == '"') {
1170 ++s;
1171 val = s;
1172 while (*s != '\0' && *s != '"') ++s;
1173 } else {
1174 val = s;
1175 while (*s != '\0' && *s != ' ' && *s != ',') ++s;
1176 }
1177 if (*s != '\0') {
1178 if (*s != ',') {
1179 *s = '\0';
1180 ++s;
1181 while (*s != '\0' && *s != ',') ++s;
1182 if (*s != '\0') ++s;
1183 } else {
1184 *s = '\0';
1185 ++s;
1186 }
1187 }
1188 if (Z_TYPE(digest) == IS_UNDEF) {
1189 array_init(&digest);
1190 }
1191 add_assoc_string(&digest, name, val);
1192 }
1193 }
1194
1195 if (Z_TYPE(digest) != IS_UNDEF) {
1196 php_url *new_url = emalloc(sizeof(php_url));
1197
1198 zval_ptr_dtor(Z_CLIENT_DIGEST_P(this_ptr));
1199 ZVAL_COPY_VALUE(Z_CLIENT_DIGEST_P(this_ptr), &digest);
1200
1201 *new_url = *phpurl;
1202 if (phpurl->scheme) phpurl->scheme = zend_string_copy(phpurl->scheme);
1203 if (phpurl->user) phpurl->user = zend_string_copy(phpurl->user);
1204 if (phpurl->pass) phpurl->pass = zend_string_copy(phpurl->pass);
1205 if (phpurl->host) phpurl->host = zend_string_copy(phpurl->host);
1206 if (phpurl->path) phpurl->path = zend_string_copy(phpurl->path);
1207 if (phpurl->query) phpurl->query = zend_string_copy(phpurl->query);
1208 if (phpurl->fragment) phpurl->fragment = zend_string_copy(phpurl->fragment);
1209 phpurl = new_url;
1210
1211 efree(auth);
1212 zend_string_release_ex(http_headers, 0);
1213 zend_string_release_ex(http_body, 0);
1214
1215 goto try_again;
1216 }
1217 }
1218 if (auth) efree(auth);
1219 }
1220 smart_str_free(&soap_headers_z);
1221
1222 /* Check and see if the server even sent a xml document */
1223 content_type = get_http_header_value(ZSTR_VAL(http_headers), "Content-Type: ");
1224 if (content_type) {
1225 char *pos = NULL;
1226 int cmplen;
1227 pos = strstr(content_type,";");
1228 if (pos != NULL) {
1229 cmplen = pos - content_type;
1230 } else {
1231 cmplen = strlen(content_type);
1232 }
1233 if (strncmp(content_type, "text/xml", cmplen) == 0 ||
1234 strncmp(content_type, "application/soap+xml", cmplen) == 0) {
1235 content_type_xml = 1;
1236 /*
1237 if (strncmp(http_body, "<?xml", 5)) {
1238 zval *err;
1239 MAKE_STD_ZVAL(err);
1240 ZVAL_STRINGL(err, http_body, http_body_size, 1);
1241 add_soap_fault(this_ptr, "HTTP", "Didn't receive an xml document", NULL, err);
1242 efree(content_type);
1243 zend_string_release_ex(http_headers, 0);
1244 efree(http_body);
1245 return FALSE;
1246 }
1247 */
1248 }
1249 efree(content_type);
1250 }
1251
1252 /* Decompress response */
1253 content_encoding = get_http_header_value(ZSTR_VAL(http_headers), "Content-Encoding: ");
1254 if (content_encoding) {
1255 zval func;
1256 zval retval;
1257 zval params[1];
1258
1259 if ((strcmp(content_encoding,"gzip") == 0 ||
1260 strcmp(content_encoding,"x-gzip") == 0) &&
1261 zend_hash_str_exists(EG(function_table), "gzinflate", sizeof("gzinflate")-1)) {
1262 ZVAL_STRING(&func, "gzinflate");
1263 ZVAL_STRINGL(¶ms[0], http_body->val+10, http_body->len-10);
1264 } else if (strcmp(content_encoding,"deflate") == 0 &&
1265 zend_hash_str_exists(EG(function_table), "gzuncompress", sizeof("gzuncompress")-1)) {
1266 ZVAL_STRING(&func, "gzuncompress");
1267 ZVAL_STR_COPY(¶ms[0], http_body);
1268 } else {
1269 efree(content_encoding);
1270 zend_string_release_ex(http_headers, 0);
1271 zend_string_release_ex(http_body, 0);
1272 if (http_msg) {
1273 efree(http_msg);
1274 }
1275 add_soap_fault(this_ptr, "HTTP", "Unknown Content-Encoding", NULL, NULL);
1276 return FALSE;
1277 }
1278 if (call_user_function(CG(function_table), (zval*)NULL, &func, &retval, 1, params) == SUCCESS &&
1279 Z_TYPE(retval) == IS_STRING) {
1280 zval_ptr_dtor(¶ms[0]);
1281 zval_ptr_dtor(&func);
1282 zend_string_release_ex(http_body, 0);
1283 ZVAL_COPY_VALUE(return_value, &retval);
1284 } else {
1285 zval_ptr_dtor(¶ms[0]);
1286 zval_ptr_dtor(&func);
1287 efree(content_encoding);
1288 zend_string_release_ex(http_headers, 0);
1289 zend_string_release_ex(http_body, 0);
1290 add_soap_fault(this_ptr, "HTTP", "Can't uncompress compressed response", NULL, NULL);
1291 if (http_msg) {
1292 efree(http_msg);
1293 }
1294 return FALSE;
1295 }
1296 efree(content_encoding);
1297 } else {
1298 ZVAL_STR(return_value, http_body);
1299 }
1300
1301 zend_string_release_ex(http_headers, 0);
1302
1303 if (http_status >= 400) {
1304 int error = 0;
1305
1306 if (Z_STRLEN_P(return_value) == 0) {
1307 error = 1;
1308 } else if (Z_STRLEN_P(return_value) > 0) {
1309 if (!content_type_xml) {
1310 char *s = Z_STRVAL_P(return_value);
1311
1312 while (*s != '\0' && *s < ' ') {
1313 s++;
1314 }
1315 if (strncmp(s, "<?xml", 5)) {
1316 error = 1;
1317 }
1318 }
1319 }
1320
1321 if (error) {
1322 zval_ptr_dtor(return_value);
1323 ZVAL_UNDEF(return_value);
1324 add_soap_fault(this_ptr, "HTTP", http_msg, NULL, NULL);
1325 efree(http_msg);
1326 return FALSE;
1327 }
1328 }
1329
1330 if (http_msg) {
1331 efree(http_msg);
1332 }
1333
1334 return TRUE;
1335 }
1336
get_http_header_value_nodup(char * headers,char * type,size_t * len)1337 static char *get_http_header_value_nodup(char *headers, char *type, size_t *len)
1338 {
1339 char *pos, *tmp = NULL;
1340 int typelen, headerslen;
1341
1342 typelen = strlen(type);
1343 headerslen = strlen(headers);
1344
1345 /* header `titles' can be lower case, or any case combination, according
1346 * to the various RFC's. */
1347 pos = headers;
1348 do {
1349 /* start of buffer or start of line */
1350 if (strncasecmp(pos, type, typelen) == 0) {
1351 char *eol;
1352
1353 /* match */
1354 tmp = pos + typelen;
1355
1356 /* strip leading whitespace */
1357 while (*tmp == ' ' || *tmp == '\t') {
1358 tmp++;
1359 }
1360
1361 eol = strchr(tmp, '\n');
1362 if (eol == NULL) {
1363 eol = headers + headerslen;
1364 } else if (eol > tmp) {
1365 if (*(eol-1) == '\r') {
1366 eol--;
1367 }
1368
1369 /* strip trailing whitespace */
1370 while (eol > tmp && (*(eol-1) == ' ' || *(eol-1) == '\t')) {
1371 eol--;
1372 }
1373 }
1374
1375 *len = eol - tmp;
1376 return tmp;
1377 }
1378
1379 /* find next line */
1380 pos = strchr(pos, '\n');
1381 if (pos) {
1382 pos++;
1383 }
1384
1385 } while (pos);
1386
1387 return NULL;
1388 }
1389
get_http_header_value(char * headers,char * type)1390 static char *get_http_header_value(char *headers, char *type)
1391 {
1392 size_t len;
1393 char *value;
1394
1395 value = get_http_header_value_nodup(headers, type, &len);
1396
1397 if (value) {
1398 return estrndup(value, len);
1399 }
1400
1401 return NULL;
1402 }
1403
get_http_body(php_stream * stream,int close,char * headers)1404 static zend_string* get_http_body(php_stream *stream, int close, char *headers)
1405 {
1406 zend_string *http_buf = NULL;
1407 char *header;
1408 int header_close = close, header_chunked = 0, header_length = 0, http_buf_size = 0;
1409
1410 if (!close) {
1411 header = get_http_header_value(headers, "Connection: ");
1412 if (header) {
1413 if(!strncasecmp(header, "close", sizeof("close")-1)) header_close = 1;
1414 efree(header);
1415 }
1416 }
1417 header = get_http_header_value(headers, "Transfer-Encoding: ");
1418 if (header) {
1419 if(!strncasecmp(header, "chunked", sizeof("chunked")-1)) header_chunked = 1;
1420 efree(header);
1421 }
1422 header = get_http_header_value(headers, "Content-Length: ");
1423 if (header) {
1424 header_length = atoi(header);
1425 efree(header);
1426 if (!header_length && !header_chunked) {
1427 /* Empty response */
1428 return ZSTR_EMPTY_ALLOC();
1429 }
1430 }
1431
1432 if (header_chunked) {
1433 char ch, done, headerbuf[8192];
1434
1435 done = FALSE;
1436
1437 while (!done) {
1438 int buf_size = 0;
1439
1440 php_stream_gets(stream, headerbuf, sizeof(headerbuf));
1441 if (sscanf(headerbuf, "%x", &buf_size) > 0 ) {
1442 if (buf_size > 0) {
1443 size_t len_size = 0;
1444
1445 if (http_buf_size + buf_size + 1 < 0) {
1446 if (http_buf) {
1447 zend_string_release_ex(http_buf, 0);
1448 }
1449 return NULL;
1450 }
1451
1452 if (http_buf) {
1453 http_buf = zend_string_realloc(http_buf, http_buf_size + buf_size, 0);
1454 } else {
1455 http_buf = zend_string_alloc(buf_size, 0);
1456 }
1457
1458 while (len_size < buf_size) {
1459 ssize_t len_read = php_stream_read(stream, http_buf->val + http_buf_size, buf_size - len_size);
1460 if (len_read <= 0) {
1461 /* Error or EOF */
1462 done = TRUE;
1463 break;
1464 }
1465 len_size += len_read;
1466 http_buf_size += len_read;
1467 }
1468
1469 /* Eat up '\r' '\n' */
1470 ch = php_stream_getc(stream);
1471 if (ch == '\r') {
1472 ch = php_stream_getc(stream);
1473 }
1474 if (ch != '\n') {
1475 /* Something wrong in chunked encoding */
1476 if (http_buf) {
1477 zend_string_release_ex(http_buf, 0);
1478 }
1479 return NULL;
1480 }
1481 }
1482 } else {
1483 /* Something wrong in chunked encoding */
1484 if (http_buf) {
1485 zend_string_release_ex(http_buf, 0);
1486 }
1487 return NULL;
1488 }
1489 if (buf_size == 0) {
1490 done = TRUE;
1491 }
1492 }
1493
1494 /* Ignore trailer headers */
1495 while (1) {
1496 if (!php_stream_gets(stream, headerbuf, sizeof(headerbuf))) {
1497 break;
1498 }
1499
1500 if ((headerbuf[0] == '\r' && headerbuf[1] == '\n') ||
1501 (headerbuf[0] == '\n')) {
1502 /* empty line marks end of headers */
1503 break;
1504 }
1505 }
1506
1507 if (http_buf == NULL) {
1508 return ZSTR_EMPTY_ALLOC();
1509 }
1510
1511 } else if (header_length) {
1512 if (header_length < 0 || header_length >= INT_MAX) {
1513 return NULL;
1514 }
1515 http_buf = zend_string_alloc(header_length, 0);
1516 while (http_buf_size < header_length) {
1517 ssize_t len_read = php_stream_read(stream, http_buf->val + http_buf_size, header_length - http_buf_size);
1518 if (len_read <= 0) {
1519 break;
1520 }
1521 http_buf_size += len_read;
1522 }
1523 } else if (header_close) {
1524 do {
1525 ssize_t len_read;
1526 if (http_buf) {
1527 http_buf = zend_string_realloc(http_buf, http_buf_size + 4096, 0);
1528 } else {
1529 http_buf = zend_string_alloc(4096, 0);
1530 }
1531 len_read = php_stream_read(stream, http_buf->val + http_buf_size, 4096);
1532 if (len_read > 0) {
1533 http_buf_size += len_read;
1534 }
1535 } while(!php_stream_eof(stream));
1536 } else {
1537 return NULL;
1538 }
1539
1540 http_buf->val[http_buf_size] = '\0';
1541 http_buf->len = http_buf_size;
1542 return http_buf;
1543 }
1544
get_http_headers(php_stream * stream)1545 static zend_string *get_http_headers(php_stream *stream)
1546 {
1547 smart_str tmp_response = {0};
1548 char headerbuf[8192];
1549
1550 while (php_stream_gets(stream, headerbuf, sizeof(headerbuf))) {
1551 if ((headerbuf[0] == '\r' && headerbuf[1] == '\n') ||
1552 (headerbuf[0] == '\n')) {
1553 /* empty line marks end of headers */
1554 smart_str_0(&tmp_response);
1555 return tmp_response.s;
1556 }
1557
1558 /* add header to collection */
1559 smart_str_appends(&tmp_response, headerbuf);
1560 }
1561
1562 smart_str_free(&tmp_response);
1563 return NULL;
1564 }
1565